d2f1c22fc0aa7a181032fb3cdf1ccf60_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d2f1c22fc0aa7a181032fb3cdf1ccf60_JaffaCakes118
Size

13KB
MD5

d2f1c22fc0aa7a181032fb3cdf1ccf60
SHA1

6faba4d07c579ec54ae6a198c11adb5cbf939e32
SHA256

33d5d59c5ccdf8a22abc0664bef5eac7aa83404fa078bc62dfab4cf874e4abfd
SHA512

d6fa52f993fc5bde20e657ad76e082cd6f28fda153689307e8c4698ee6782302cf817f68f07bae746936524f32efd45c3f4f0f1633cef06dc07e514ba42285dd
SSDEEP

384:U8PugL6CZkHoQA6iWjg4oIyOTTpWw6B1:UauW6C/+iOg4opeD6B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2f1c22fc0aa7a181032fb3cdf1ccf60_JaffaCakes118

Files

d2f1c22fc0aa7a181032fb3cdf1ccf60_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c27a4248d8724ed9e31c928d20a60a61

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

shlwapi

StrToIntA

psapi

EnumProcessModules

mfc42

ord1089

msvcrt

??1type_info@@UAE@XZ

user32

GetAsyncKeyState

shell32

SHGetSpecialFolderPathA

ole32

CoInitialize

oleaut32

VariantClear

urlmon

URLDownloadToFileA

Exports

Exports

?DelHook@@YGHXZ
?SetHook@@YGHXZ

Sections

.text
Size: 7KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE